Merge pull request #1442 from nmav/oc
openconnect: added support for supplying a fixed second password.
|
@ -10,11 +10,22 @@ config interface 'MYVPN'
|
|||
option username 'test'
|
||||
option password 'secret'
|
||||
option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
|
||||
option token_mode 'rsa' # when built with stoken support
|
||||
option token_secret 'secret' # when built with stoken support
|
||||
option defaultroute '0'
|
||||
option authgroup 'DEFAULT'
|
||||
|
||||
# For second factor auth:
|
||||
|
||||
# when a fixed 2FA password can be used
|
||||
#option password2 'my-fixed-2fa-password'
|
||||
|
||||
# RSA tokens, must be built with stoken support
|
||||
#option token_mode 'rsa'
|
||||
#option token_secret 'secret'
|
||||
|
||||
# HOTP/TOTP tokens
|
||||
#option token_mode 'hotp'
|
||||
#option token_secret '00'
|
||||
|
||||
The additional files are also used:
|
||||
/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
|
||||
/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
|
||||
|
|
|
@ -10,6 +10,7 @@ proto_openconnect_init_config() {
|
|||
proto_config_add_string "serverhash"
|
||||
proto_config_add_string "authgroup"
|
||||
proto_config_add_string "password"
|
||||
proto_config_add_string "password2"
|
||||
proto_config_add_string "token_mode"
|
||||
proto_config_add_string "token_secret"
|
||||
proto_config_add_string "interface"
|
||||
|
@ -22,7 +23,7 @@ proto_openconnect_init_config() {
|
|||
proto_openconnect_setup() {
|
||||
local config="$1"
|
||||
|
||||
json_get_vars server port username serverhash authgroup password interface token_mode token_secret os csd_wrapper
|
||||
json_get_vars server port username serverhash authgroup password password2 interface token_mode token_secret os csd_wrapper
|
||||
|
||||
grep -q tun /proc/modules || insmod tun
|
||||
|
||||
|
@ -65,6 +66,7 @@ proto_openconnect_setup() {
|
|||
mkdir -p /var/etc
|
||||
pwfile="/var/etc/openconnect-$config.passwd"
|
||||
echo "$password" > "$pwfile"
|
||||
[ -n "$password2" ] && echo "$password2" >> "$pwfile"
|
||||
append cmdline "--passwd-on-stdin"
|
||||
}
|
||||
|
||||
|
|
|
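Review bot: The second factor appended at `[ -n "$password2" ] && echo "$password2" >> "$pwfile"` lands in a file whose mode is never restricted inside this hunk, and since the hunk starts mid-way through proto_openconnect_setup() I cannot see whether a `umask` is set earlier; if it is not, both credentials in /var/etc/openconnect-$config.passwd are created with the default umask and are typically readable by other local users. A `umask 077` before the first redirect (or a `chmod 600 "$pwfile"` right after it) would close that. Separately, `echo` is not a safe way to emit an arbitrary secret here: busybox `echo` consumes leading `-n`/`-e` and may interpret backslash escapes, so a password beginning with a dash or containing backslashes is silently altered; `printf '%s\n' "$password2" >> "$pwfile"` (and likewise for the existing `$password` line) writes the value verbatim.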
@ -0,0 +1,125 @@
|
|||
From 5f2e24fdc9935d049a7e4a5b6e10461e9467597f Mon Sep 17 00:00:00 2001
|
||||
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
||||
Date: Thu, 18 Jun 2015 22:38:05 +0200
|
||||
Subject: [PATCH] Allow processing two passwords from stdin in non-interactive
|
||||
mode
|
||||
|
||||
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
||||
---
|
||||
main.c | 38 ++++++++++++++++++++++++++------------
|
||||
1 file changed, 26 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/main.c b/main.c
|
||||
index 3b976d8..f853afe 100644
|
||||
--- a/main.c
|
||||
+++ b/main.c
|
||||
@@ -85,6 +85,7 @@ static int do_passphrase_from_fsid;
|
||||
static int nocertcheck;
|
||||
static int non_inter;
|
||||
static int cookieonly;
|
||||
+static int allow_stdin_read;
|
||||
|
||||
static char *token_filename;
|
||||
static char *server_cert = NULL;
|
||||
@@ -358,7 +359,7 @@ static char *convert_arg_to_utf8(char **argv, char *arg)
|
||||
#define vfprintf vfprintf_utf8
|
||||
#define is_arg_utf8(str) (0)
|
||||
|
||||
-static void read_stdin(char **string, int hidden)
|
||||
+static void read_stdin(char **string, int hidden, int allow_fail)
|
||||
{
|
||||
CONSOLE_READCONSOLE_CONTROL rcc = { sizeof(rcc), 0, 13, 0 };
|
||||
HANDLE stdinh = GetStdHandle(STD_INPUT_HANDLE);
|
||||
@@ -375,6 +376,7 @@ static void read_stdin(char **string, int hidden)
|
||||
char *errstr = openconnect__win32_strerror(GetLastError());
|
||||
fprintf(stderr, _("ReadConsole() failed: %s\n"), errstr);
|
||||
free(errstr);
|
||||
+ *string = NULL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
@@ -622,7 +624,7 @@ static void print_build_opts(void)
|
||||
|
||||
#ifndef _WIN32
|
||||
static const char default_vpncscript[] = DEFAULT_VPNCSCRIPT;
|
||||
-static void read_stdin(char **string, int hidden)
|
||||
+static void read_stdin(char **string, int hidden, int allow_fail)
|
||||
{
|
||||
char *c, *buf = malloc(1025);
|
||||
int fd = fileno(stdin);
|
||||
@@ -648,8 +650,14 @@ static void read_stdin(char **string, int hidden)
|
||||
}
|
||||
|
||||
if (!buf) {
|
||||
- perror(_("fgets (stdin)"));
|
||||
- exit(1);
|
||||
+ if (allow_fail) {
|
||||
+ *string = NULL;
|
||||
+ free(buf);
|
||||
+ return;
|
||||
+ } else {
|
||||
+ perror(_("fgets (stdin)"));
|
||||
+ exit(1);
|
||||
+ }
|
||||
}
|
||||
|
||||
c = strchr(buf, '\n');
|
||||
@@ -1160,13 +1168,14 @@ int main(int argc, char **argv)
|
||||
cookieonly = 3;
|
||||
break;
|
||||
case OPT_COOKIE_ON_STDIN:
|
||||
- read_stdin(&vpninfo->cookie, 0);
|
||||
+ read_stdin(&vpninfo->cookie, 0, 0);
|
||||
/* If the cookie is empty, ignore it */
|
||||
if (!*vpninfo->cookie)
|
||||
vpninfo->cookie = NULL;
|
||||
break;
|
||||
case OPT_PASSWORD_ON_STDIN:
|
||||
- read_stdin(&password, 0);
|
||||
+ read_stdin(&password, 0, 0);
|
||||
+ allow_stdin_read = 1;
|
||||
break;
|
||||
case OPT_NO_PASSWD:
|
||||
vpninfo->nopasswd = 1;
|
||||
@@ -1708,7 +1717,7 @@ static int validate_peer_cert(void *_vpninfo, const char *reason)
|
||||
fprintf(stderr, _("Enter '%s' to accept, '%s' to abort; anything else to view: "),
|
||||
_("yes"), _("no"));
|
||||
|
||||
- read_stdin(&response, 0);
|
||||
+ read_stdin(&response, 0, 0);
|
||||
if (!response)
|
||||
return -EINVAL;
|
||||
|
||||
@@ -1779,19 +1788,24 @@ static char *prompt_for_input(const char *prompt,
|
||||
struct openconnect_info *vpninfo,
|
||||
int hidden)
|
||||
{
|
||||
- char *response;
|
||||
+ char *response = NULL;
|
||||
|
||||
fprintf(stderr, "%s", prompt);
|
||||
fflush(stderr);
|
||||
|
||||
if (non_inter) {
|
||||
- fprintf(stderr, "***\n");
|
||||
- vpn_progress(vpninfo, PRG_ERR,
|
||||
+ if (allow_stdin_read) {
|
||||
+ read_stdin(&response, hidden, 1);
|
||||
+ }
|
||||
+ if (response == NULL) {
|
||||
+ fprintf(stderr, "***\n");
|
||||
+ vpn_progress(vpninfo, PRG_ERR,
|
||||
_("User input required in non-interactive mode\n"));
|
||||
- return NULL;
|
||||
+ }
|
||||
+ return response;
|
||||
}
|
||||
|
||||
- read_stdin(&response, hidden);
|
||||
+ read_stdin(&response, hidden, 0);
|
||||
return response;
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
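Review bot: In the new `allow_fail` branch of the POSIX read_stdin (`if (allow_fail) { *string = NULL; free(buf); return; }`), `free(buf)` runs only after the enclosing `if (!buf)` has established that `buf` is NULL, so it is a no-op; the 1025-byte buffer from `char *c, *buf = malloc(1025);` at the top of the function is leaked on every EOF in this path, assuming (as the `if (!buf)` test suggests, the assignment is outside the hunk) that `buf` was overwritten with the return value of fgets(). The fix is to keep the allocation in its own pointer, e.g. assign the fgets() result to a separate `char *line` and test that, so the original `buf` can still be freed before returning NULL; that change touches lines outside this hunk. A short comment on the branch would also help, since the caller contract is now "NULL means no more input, only when allow_fail is set": `/* allow_fail: EOF on stdin is not fatal; hand back NULL and let the caller decide. */`. The Windows variant at `static void read_stdin(char **string, int hidden, int allow_fail)` never references `allow_fail`; if that is intended, a comment saying so would stop readers from looking for the missing branch.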